Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 2 for Feb 2018: Make sure Automatic Update is turned off

    Posted on February 12th, 2018 at 08:24 woody Comment on the AskWoody Lounge

    Last month’s Patch Tuesday (and Monday, Wednesday, Thursday, Friday, Saturday and Sunday) should prove, once again, that knowledgeable Windows users need to turn off Automatic Update.

    Computerworld Woody on Windows.

    Do me a favor, wouldja? If you bump into any of the self-proclaimed security “experts” who tell everyone to turn on Automatic Update, would you post a link to their drivel? I took a lot of guff for my posts a year ago, advising folks to turn off Automatic Update. If there’s anybody in the industry who’s still spreading that kind of hooey, I want to know who and why.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums MS-DEFCON 2 for Feb 2018: Make sure Automatic Update is turned off

    This topic contains 30 replies, has 14 voices, and was last updated by  rc primak 3 months ago.

    • Author
      Posts
    • #166763 Reply

      woody
      Da Boss

      Last month’s Patch Tuesday (and Monday, Wednesday, Thursday, Friday, Saturday and Sunday) should prove, once again, that knowledgeable Windows users n
      [See the full post at: MS-DEFCON 2 for Feb 2018: Make sure Automatic Update is turned off]

      5 users thanked author for this post.
    • #166767 Reply

      WildBill
      AskWoody Lounger

      A mistaken double post? From Da Boss?! Or a not-so-subtle message about MS-DEFCON 2 & to DANG IT, Turn off Automatic Update!? BTW, love this Keystone Kops pic, especially the cross-eyed Chief.

      Wild Bill Rides Again...

      • This reply was modified 3 months, 1 week ago by  WildBill.
      1 user thanked author for this post.
      • #166775 Reply

        woody
        Da Boss

        A mistaken double post? From Da Boss?!

        My bad. WordPress/bbPress has a weird bug that kicks in if you make two main blog posts with the exact same title. In this case, I posted the MS-DEFCON 2 warning this morning, using exactly the same title as a similar post in June 2015.

        As a result of the WordPress/bbPress bug, when you clicked on the link to “Comment on the AskWoody Lounge,” you were sent to the tail end of the June 2015 discussion.

        Anyway, I think everything’s OK now. The chief in the Keystone Kops pic? That’s me, right now.

        3 users thanked author for this post.
    • #166785 Reply

      MrJimPhelps
      AskWoody MVP

      Great picture, Woody!

      All I can say is, Whew! I got all of my Windows machines and virtual machines updated while we were still at MS-Defcon 3!

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
    • #166807 Reply

      Jan K.
      AskWoody Lounger

      … The chief in the Keystone Kops pic? That’s me, right now.

      Well, if you choose to run both WordPress and Windows, that’s only a logical consequence!

      1 user thanked author for this post.
    • #166855 Reply

      anonymous

      Has anyone tried this tool? https://www.sordum.org/9470/windows-update-blocker-v1-0/comment-page-1/#comments  Any thoughts?

    • #166866 Reply

      MrBrian
      AskWoody MVP
    • #166870 Reply

      Sweety407
      AskWoody Lounger

      I have Windows 7 64 bit and am still in Group B.  Can you please tell me how important are .NET Framework updates?  You warned in a recent article about possible problems with them and fortunately for me up until the recent updates I did not have any problems until the last .NET Framework update I did on 2-6-18.  In fact both on my laptop and desktop pc some things went a little haywire although the laptop straightened out somehow and starting working correctly.  However on my desktop pc I had to rollback back to a few days before that .NET Framework update (I think it was KB4033342 that has reappeared) and then it seemed to work OK after that.  As soon as I got through that I ran Windows updates again and had a whole lot more updates to do all published 1-18-18 including a few more .NET Framework updates and a whole bunch more security updates for Microsoft Office only I still have 2007.  Truthfully I’m afraid to download any more .NET Framework updates because I don’t want to go through what I just did last week and cause even more problems on my pc.  Any advice please?

      • #166877 Reply

        PKCano
        AskWoody MVP

        owever on my desktop pc I had to rollback back to a few days before that .NET Framework update (I think it was KB4033342 that has reappeared) and then it seemed to work OK after that

        KB4033342 is the installer for a different version of .NET (to v4.7.1) not a update to one that you had on your computer. It is relatively recent, and it is a good idea to let new versions sit for a while and have the bugs (if any) worked out.

        In general, the .NET ROLLUPS are OK to install. They contain updates.

        2 users thanked author for this post.
        • #166898 Reply

          Sweety407
          AskWoody Lounger

          When you say let the new versions sit for a while are you talking a few weeks, the next month or a few months.  After I did the updates when Woody said it was time, my monitor went completely blank (the pc was still on) and I had to go into safe mode to roll it back a little so I don’t really know what caused that.  I thought it was the .NET Framework update for some reason and maybe it was something else.

      • #167065 Reply

        anonymous

        Thank You

      • #167215 Reply

        anonymous

        Sweety407 said:
        I did not have any problems until the last .NET Framework update I did on 2-6-18.  In fact both on my laptop and desktop pc some things went a little haywire. […] However on my desktop pc I had to rollback back to a few days before that .NET Framework update (I think it was KB4033342 that has reappeared)

        What issues did you encounter ? Does your PC have the below registry key as required by Jan 2018’s .NET updates ? (The same registry key is still required for the just-released Feb 2018’s .NET updates.)

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
        => cadca5fe-87d3-4b96-b7fb-a231484277cc = 0x00000000  [REG_DWORD]

        On 07 Feb 2018, a Microsoft Answers forum user reported the following issues after installing Jan 2018’s .NET Security & Quality Rollup (KB 4055532) on Win 7 x64:

        several functions are not working, an empty network in explorer is the most glaring, homegroup is now present and cannot be removed.

        The best diagnostic information I can find is from a SQL Server plugin that has been installed for about a year. Note the error says “assembly is built by a runtime newer than the currently loaded runtime “. It appears that an obsolete .NET Framework 3.5.1 component made it into this rollup.

        Another user reported the below issue at MS Developer Network forum on 16 Jan 2018:

        After installing KB4055532, my computer [Win7 Pro] took 30 minutes to start an/or restart (I timed it). I uninstalled this update and my computer now starts/restarts normally.

         

    • #166901 Reply

      cyberSAR
      AskWoody Lounger

      I’m no security expert, but in all fairness to them, my experience with my small break and fix shop is that I found the majority of my clients couldn’t grasp the concept of delaying updates for a couple weeks or more. I’ve spent hours explaining how and why, but it just doesn’t click in my average users – young and old.

      Just last week I remoted into a client (for another issue) that we had setup to check for updates and notify over a year ago and not 1 update has been applied.

      When I asked her why she hadn’t updated she stated she was afraid to. She might be forced into Windows 10 again, she didn’t know when was a good time, it was never convenient.

      Found the same thing years ago with XP. At that time I put everyone on automatic until the Win10 fiasco. Now I’m back to setting them up for automatic with the deferral dates set in Win10.

    • #166905 Reply

      PKCano
      AskWoody MVP

      When you say let the new versions sit for a while are you talking a few weeks, the next month or a few months. After I did the updates when Woody said it was time, my monitor went completely blank (the pc was still on) and I had to go into safe mode to roll it back a little so I don’t really know what caused that. I thought it was the .NET Framework update for some reason and maybe it was something else.

      There were a lot of problems with this month’s patches. It may not have been the .NET that got you – more probably the Win Monthly Rollup. Just sit thight and don’t install the Feb patches till DEFCON-3. There may be more problems ahead.

      As for new versions – I like to let them sit for several months. .NET is not something most people have to rush. There were problems with Win7 when v4.7 first came out. Let someone else be the Guinea Pig!

      4 users thanked author for this post.
    • #166914 Reply

      anonymous

      RE: ” If there’s anybody in the industry who’s still spreading that kind of hooey, I want to know who and why.”
      Back on 1/9, no less than Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute, posts, “So better get patching.”
      https://isc.sans.edu/forums/diary/Microsoft+January+2018+Patch+Tuesday/23217/

    • #166937 Reply

      JDeC
      AskWoody Lounger

      I get my FlashPlayer updates at this site, Security Garden, But don’t agree with the Comment #3 at the bottom of this particular page “No, do NOT disable Windows Update as missing critical security updates could indeed have serious repercussions. ” Corrine is a Windows Insider/ MVP so…

      https://securitygarden.blogspot.com/search/label/Windows%207

      Group B HP Pavilion-dv6 Win7x64 Home Premium-Intel Core i5-3210M CPU

    • #166938 Reply

      Cascadian
      AskWoody Lounger

      … Any advice please?

      Do not check any boxes that are not preselected by WU, unless you have a specific reason for doing so. Or, do not get items from the catalog that you do not specifically want.

      In shorter, older words, do not fix what is not broken.

      • This reply was modified 3 months, 1 week ago by  Cascadian. Reason: typo fix
      3 users thanked author for this post.
    • #166940 Reply

      JDeC
      AskWoody Lounger

      better add: Windows Update is turned off ALL the time on my win7 😉

       

      Group B HP Pavilion-dv6 Win7x64 Home Premium-Intel Core i5-3210M CPU

    • #166922 Reply

      anonymous

      Just asking for a quick clarification, since I guess I’ll have to install the January patches this week at least, along with this month’s, since they include RCEs: Is it all right to set the registry entries to disable the Meltdown and Spectre fixes before installing that patch? And will that make those parts of the patch never trigger in the first place, to be sure I won’t have to worry about either conflicts/bugs or slowdown until I see a serious reason to apply them but get the benefit of any other patches in that bundle and avoid issues possibly caused by installing that after some later Group B patches?

    • #166958 Reply

      MrBrian
      AskWoody MVP

      Is it all right to set the registry entries to disable the Meltdown and Spectre fixes before installing that patch?

      Yes. See Q10 at https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution.

    • #167030 Reply

      anonymous

      Are the January patches ever likely to reach defcon 5?

    • #167033 Reply

      PKCano
      AskWoody MVP

      Are the January patches ever likely to reach defcon 5?

      The DEFCON rating is about whether it is safe to patch and what precautions need to be taken. It is about waiting to see where the problems are with each patch. The DEFCON rating for January was raised to 3 as an indication that the problems with each patch were, for the most part, known and patching could be done considering the cautions and precautions.

      The individual patches do not have a DEFCON rating. Once the January DEFCON goes to three, those patches problems are known and they can be always be installed (or not installed) with the known caveats.

      1 user thanked author for this post.
      • #167942 Reply

        Cascadian
        AskWoody Lounger

        PKCano, I know that you are very good at repeatably explaining this concept. And I cannot be sure of how many different anonymous voices read your correct answer for the first time.

        I hope my contribution may be helpful. As I understand it, the MS-DEFCON # identification system is a playful abbreviation for MicroSoft – DEFenseCONdition followed by a value. My attempt to help is to remind readers that this describes the environment that exists all around us, on the day we view the placard. It attempts to combine into a single value all the environmental conditions of the world-wide-web, wherever you may browse, the current health of an up to date Windows System, and Microsoft’s current offerings to adapt the second to the first.

        I am trying to say in a different way, the same as PKCano. The MSDefcon# right now describes now-now, not any one update item. And when it changes in either direction, it is a report on the change in conditions as they exist now.

        If the update were a football game (I don’t care what kind), and the conditions are Sunny with a light breeze; you might enjoy either playing or attending the match. If you learned the conditions were Cold with Heavy Rain; you might enjoy it even more, or you might decide to wait until another day more to your liking. MSDefcon is the weather report, not a report on the health of the team. Or any specific KBitem from Microsoft.

        If MVP consensus says I’m wide of the mark here, fell free to dispose of this comment.

    • #167136 Reply

      Microfix
      AskWoody MVP

      MS patch Tuesday list over at Martin Brinkmanns Ghacks..wow he is quick!

      https://www.ghacks.net/2018/02/13/microsoft-security-updates-february-2018-release/

       

      | 2x Group A W8.1 | | Group A+ Linux Hybrid | Forum Acronyms | Group W W7/XP Pro |
        No problem can be solved from the same level of consciousness that created IT - AE
      2 users thanked author for this post.
    • #167140 Reply

      MrBrian
      AskWoody MVP

      MS patch Tuesday list over at Martin Brinkmanns Ghacks..wow he is quick!

      Perhaps he has a program that does this. There is programmatic access to this info.

      • This reply was modified 3 months, 1 week ago by  MrBrian.
      1 user thanked author for this post.
    • #167335 Reply

      Didjey
      AskWoody Lounger

      Regarding recommendations: Swedish cert.se recommends updating “vulnerable systems” ASAP.

      Link in swedish but Google translate seems to work fine for this:
      https://www.cert.se/2018/02/microsofts-sakerhetsuppdateringar-februari-2018

      /D

      • #167725 Reply

        anonymous

        Swedish cert.se recommends updating “vulnerable systems” ASAP.

        I didn’t know this, but then again…
        I don’t know Didley.
        😉

    • #167798 Reply

      anonymous

      All of the operating system patches on Window 7 SP1 64bit for me appear to have been pulled, except for Office 2010 patches, nothing shows up at all.

      • #167800 Reply

        PKCano
        AskWoody MVP

        The Patches for Win7 have not been pulled. There are some things you need to check.

        Has your anti-virus program set the ALLOW RegKey? It is necessary or you won’t see OS or .NET patches in Windows Update. Here are the instructions to check. If this does not exisst, you may need to update to AV program.

        Check your processor. Microsoft was blocking certain AMD processors because of a conflict with the patches. Most have been unblocked, but some may still be.

        1 user thanked author for this post.
    • #167998 Reply

      anonymous

      @pkcano My antivirus is set and REGKEY is set.  I already have the Meltdown and Spectre patches from January applied, and the February patches showed up initially.  However, they no longer showed up for a period of a day or so.  They are showing up again on my HP machine tonight, when I checked this morning they were not being offered. 

      Likewise, with my Dell, Updates were checked at 7AM this morning, and no Window updates were offered, though they had been offered earlier in the week.  Tonight I checked for updates again and they have reappeared. Only Office 2010 updates were showing.  It may have been a temporary thing. 

      I have over 35 years experience in IT; I follow everything closely here, and my post about them not showing up was just to provide some data in case others were seeing the same thing.

      @pkcano, also, my processors are all Intel.

    • #169119 Reply

      rc primak
      AskWoody MVP

      Regarding experts still recommending leaving Windows 10 Automatic Updates turned on:
      There are quite a few experts who do recommend this, and they are not all “security experts”:

      Don’t tell people to turn off Windows Update, just don’t
      https://www.troyhunt.com/dont-tell-people-to-turn-off-windows-update-just-dont/
      15 MAY 2017

      Should Windows 10 Power Users Shut Off Windows Update?
      https://www.extremetech.com/computing/255686-windows-10-power-users-shut-off-windows-update
      September 13, 2017
      “Let me be clear: It is *generally* a bad idea to turn off security updates.”

      How to Turn Off Automatic Windows 10 Updates?
      https://ugetfix.com/ask/how-to-turn-off-automatic-windows-10-updates/
      2017-04-17 (April 17, 2017)
      “…IT specialists highly recommend keeping automatic Windows Update service enabled,…”

      Windows 10: The Missing Manual
      By David Pogue
      p. 498:
      “But there’s a pursuasive argument for leaving automatic updates turned on. Microsoft and other security researchers constantly find new security holes — and as soon as they’re found, Microsoft rushes a new patch out the door to fix it.” (He goes on to warn that when Microsoft issues a patch, it alerts hackers to a security flaw, and then the hackers begin to exploit it on unpatched PCs.)

      How to use Automatic Updates in Windows 10
      http://www.diamondbyte.co.uk/Blogs/files/fa117ef40cbe115972f0b33fd9dfdf6e-47.html
      Sept. 14, 2017

      For the vast majority of home users, this type of advice is good. They don’t want to or can’t be trusted to keep watching out for when it’s safe to patch, and most would mess up their systems fiercely if they so much as opened Regedit or Group Policies (which they as Home Users don’t have anyway). We are not talking about power users or advanced hobbyists like those of us who frequent this blog/forum. Just average Joes and Janes who want to turn on the PC and get on with their work or play.

      On the other hand, I would recommend to anyone who wants to just get on with our play to use a Chromebook, and those with serious work to do, get into Linux ASAP, as in yesterday.

      -- rc primak

      • This reply was modified 3 months ago by  rc primak.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 2 for Feb 2018: Make sure Automatic Update is turned off

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: